Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 363453 - sys-fs/diskdev_cmds _FORTIFY_SOURCE indicates presence of overflow
Summary: sys-fs/diskdev_cmds _FORTIFY_SOURCE indicates presence of overflow
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: PPC Porters
URL:
Whiteboard:
Keywords:
Depends on: 437398
Blocks: fortify-source
  Show dependency tree
 
Reported: 2011-04-13 10:28 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2020-06-24 07:35 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Build log (diskdev_cmds-332.14_p1:20110413-100335.log,13.76 KB, text/plain)
2011-04-13 10:28 UTC, Diego Elio Pettenò (RETIRED)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2011-04-13 10:28:49 UTC
Created attachment 269777 [details]
Build log

You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Sergei Trofimovich gentoo-dev 2020-06-24 07:26:03 UTC
Original report:
"""
In function ‘bzero’,
    inlined from ‘DeallocateFile’ at SExtents.c:701:3:
/usr/include/bits/string3.h:98:3: warning: call to __builtin___memset_chk will always overflow destination buffer [enabled by default]
In function ‘bzero’,
    inlined from ‘DeallocateFile’ at SExtents.c:704:3:
/usr/include/bits/string3.h:98:3: warning: call to __builtin___memset_chk will always overflow destination buffer [enabled by default]
"""

Nowadays' gcc detects the same:

"""
x86_64-pc-linux-gnu-gcc -march=sandybridge -mtune=sandybridge -maes --param=l1-cache-size=32 --param=l1-cache-line-size=64 --param=l2-cache-size=8192 -O2 -pipe -fdiagnostics-show-option -frecord-gcc-switches -Wall -Wextra -Wstack-protector     -frecord-gcc-switches     -frecord-gcc-switches -Wall -I/tmp/portage/sys-fs/diskdev_cmds-332.14_p1-r3/work/diskdev_cmds-332.14/include -DDEBUG_BUILD=0 -D_FILE_OFFSET_BITS=64 -D LINUX=1 -D BSD=1   -c -o SExtents.o SExtents.c
In file included from /usr/include/strings.h:144,
                 from /usr/include/string.h:432,
                 from SRuntime.h:36,
                 from BTree.h:37,
                 from SExtents.c:37:
In function 'bzero',
    inlined from 'DeallocateFile' at SExtents.c:701:3:
/usr/include/bits/strings_fortified.h:31:10: warning: '__builtin___memset_chk' forming offset [64, 75] is out of the bounds [0, 64] of object 'dataForkExtents' with type 'HFSPlusExtentRecord' {aka 'HFSPlusExtentDescriptor[8]'} [-Warray-bounds]
   31 |   (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SExtents.c: In function 'DeallocateFile':
SExtents.c:687:23: note: 'dataForkExtents' declared here
  687 |   HFSPlusExtentRecord dataForkExtents;
      |                       ^~~~~~~~~~~~~~~
In file included from /usr/include/strings.h:144,
                 from /usr/include/string.h:432,
                 from SRuntime.h:36,
                 from BTree.h:37,
                 from SExtents.c:37:
In function 'bzero',
    inlined from 'DeallocateFile' at SExtents.c:704:3:
/usr/include/bits/strings_fortified.h:31:10: warning: '__builtin___memset_chk' forming offset [64, 75] is out of the bounds [0, 64] of object 'rsrcForkExtents' with type 'HFSPlusExtentRecord' {aka 'HFSPlusExtentDescriptor[8]'} [-Warray-bounds]
   31 |   (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""
Comment 2 Sergei Trofimovich gentoo-dev 2020-06-24 07:35:58 UTC
The code in question is:
"""
                ClearMemory(&dataForkExtents[i].startBlock,
                        sizeof(HFSPlusExtentRecord) - sizeof(HFSExtentRecord));

                ClearMemory(&rsrcForkExtents[i].startBlock,
                        sizeof(HFSPlusExtentRecord) - sizeof(HFSExtentRecord));
"""

It's a bit fishy to follow, but it does not look immediately incorrect.